[squid-users] squid_auth_ldap accepts any credentials!

From: Neil A. Hillard <neil.hillard@dont-contact.us>
Date: Mon, 04 Jun 2007 10:46:17 +0100

Hi,

I'm currently using squid 2.5 stable 6 (I know it's old but it works
and isn't the root of the problem!). Am using squid_radius_auth against
our RADIUS server.

When the authenticators start, everything works OK but after a while
(certainly less than 6 hours), the authenticator accepts any
credentials! I've performed a packet capture and can see the RADIUS
request and the response from the RADIUS server giving Access-Reject but
the authenticator returns OK! The following is an strace of the
authenticator process:

10:34:55 read(0, "aaa aaa\n", 1024) = 8
10:36:22 time(NULL) = 1180949782
10:36:22 send(4,
"\1\0\0005f\330^\\lZ\106\16\305\271\10\0214UK\30\1\5aaa\2\22\311\215\264\3640\235|\347\2760ooH\27AR\5\6\1\0\0o\4\6\302\251!\n",
55, 0) = 55
10:36:22 select(5, [4], NULL, NULL, {1, 0}) = 1 (in [4], left {1, 0})
10:36:22 recvfrom(4,
"\2\0\0>\330\256J\36\5U\334D\364S\315u\1\3153T\7\6\0\0\0\1\11\6\337\377\377\376\n\6\0\0\0\0\33\6\0\1R\100\34\6\0\0\16\20\35\6\0\0\0\0\6\6\0\0\0\2",
8192, 0, {sa_family=AF_INET, sin_port=htons(1645),
sin_addr=inet_addr("192.168.0.1")}, [16]) = 62
10:36:22 write(2, "Warning: Received invalid reply digest from
server\n", 51) = 51
10:36:22 write(1, "OK\n", 3) = 3

As you can see, there's a 'Warning: Received invalid reply digest from
server' message.

Performing a 'squid -k reconfigure' restarts the authenticators and the
authentication works as expected and there are no warnings present.
When the warnings start the authenticator starts accepting any credentials!

Any advice would be appreciated.

Regards,

                                Neil.

-- 
Neil Hillard                    neil.hillard@agustawestland.com
AgustaWestland                  http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
Received on Mon Jun 04 2007 - 03:48:35 MDT
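
Added example, not part of the original post and not squid_radius_auth's own code: the strace above shows the helper writing the "invalid reply digest" warning and then "OK". This sketch shows a fail-closed reply check per RFC 2865, where a reply counts only if its identifier matches, its Response Authenticator verifies, and its code is Access-Accept. The function names, the shared secret and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RFC 2865 packet codes
ACCESS_REJECT = 3

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    # Constructed server side, used only to produce sample packets.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + response_authenticator(code, ident, attrs, request_auth, secret) + attrs

def helper_verdict(reply, ident, request_auth, secret):
    # Returns the line a basic-auth helper writes to Squid: "OK" or "ERR".
    if len(reply) < 20:
        return "ERR"
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply) or reply_id != ident:
        return "ERR"
    attrs = reply[20:length]
    expected = response_authenticator(code, reply_id, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return "ERR"  # invalid reply digest: reject, a warning alone is not enough
    return "OK" if code == ACCESS_ACCEPT else "ERR"

if __name__ == "__main__":
    secret = b"constructed-secret"   # constructed sample values
    req_auth = bytes(range(16))      # Request Authenticator of the pending request
    samples = {
        "valid accept": build_reply(ACCESS_ACCEPT, 7, b"", req_auth, secret),
        "valid reject": build_reply(ACCESS_REJECT, 7, b"", req_auth, secret),
        "bad digest": build_reply(ACCESS_ACCEPT, 7, b"", req_auth, b"other-secret"),
        "stale reply": build_reply(ACCESS_ACCEPT, 7, b"", bytes(16), secret),
    }
    for name, packet in samples.items():
        print(name, "->", helper_verdict(packet, 7, req_auth, secret))
```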
